@sap/cds 8.4.2 → 8.5.1

package/lib/auth/ias-claims.js

@@ -1,34 +0,0 @@
-module.exports = Object.values({
-  /*
-   * JWT claims (https://datatracker.ietf.org/doc/html/rfc7519#section-4)
-   */
-  ISSUER: 'iss',
-  SUBJECT: 'sub',
-  AUDIENCE: 'aud',
-  EXPIRATION_TIME: 'exp',
-  NOT_BEFORE: 'nbf',
-  ISSUED_AT: 'iat',
-  JWT_ID: 'jti',
-  /*
-   * TokenClaims (com.sap.cloud.security.token.TokenClaims)
-   */
-  // ISSUER: "iss", //> already in JWT claims
-  IAS_ISSUER: 'ias_iss',
-  // EXPIRATION: "exp", //> already in JWT claims
-  // AUDIENCE: "aud", //> already in JWT claims
-  // NOT_BEFORE: "nbf", //> already in JWT claims
-  // SUBJECT: "sub", //> already in JWT claims
-  // USER_NAME: 'user_name', //> do not exclude
-  // GIVEN_NAME: 'given_name', //> do not exclude
-  // FAMILY_NAME: 'family_name', //> do not exclude
-  // EMAIL: 'email', //> do not exclude
-  SAP_GLOBAL_SCIM_ID: 'scim_id',
-  SAP_GLOBAL_USER_ID: 'user_uuid', //> exclude for now
-  SAP_GLOBAL_ZONE_ID: 'zone_uuid',
-  // GROUPS: 'groups', //> do not exclude
-  AUTHORIZATION_PARTY: 'azp',
-  CNF: 'cnf',
-  CNF_X5T: 'x5t#S256',
-  // own
-  APP_TENANT_ID: 'app_tid'
-})

package/lib/auth/jwt-auth.js

@@ -1,70 +0,0 @@
-const cds = require('../')
-const LOG = cds.log('auth')
-
-// _require for better error message
-const _require = require('../../libx/_runtime/common/utils/require')
-
-let xssec = _require('@sap/xssec')
-// use v3 compat api
-if (xssec.v3) xssec = xssec.v3
-
-module.exports = function jwt_auth(config) {
-  const { kind, credentials } = config
-
-  if (!credentials) {
-    let msg = `Authentication kind "${kind}" configured, but no XSUAA instance bound to application.`
-    msg += ' Either bind an XSUAA instance, or switch to an authentication kind that does not require a binding.'
-    throw new Error(msg)
-  }
-
-  function getUser(tokenInfo) {
-    const payload = tokenInfo.getPayload()
-
-    let id = payload.user_name
-
-    // Roles = scope names w/o xsappname
-    const xsappname = new RegExp(`^${credentials.xsappname}\\.`)
-    let roles = payload.scope.map(s => s.replace(xsappname, ''))
-
-    // Disallow setting system roles from external
-    roles = roles.filter(r => !(r in { 'internal-user': 1, 'system-user': 1 }))
-
-    if (payload.grant_type in { client_credentials: 1, client_x509: 1 }) {
-      id = 'system'
-      roles.push('system-user')
-      if (tokenInfo.getClientId() === credentials.clientid) roles.push('internal-user')
-    }
-
-    const attr = Object.assign({}, payload['xs.user.attributes'])
-    if (kind === 'xsuaa') {
-      attr.logonName = payload.user_name
-      attr.givenName = payload.given_name
-      attr.familyName = payload.family_name
-      attr.email = payload.email
-    }
-
-    return new cds.User({ id, roles, attr, tokenInfo })
-  }
-
-  return (req, _, next) => {
-    if (!req.headers.authorization) return next()
-
-    const token = req.headers.authorization.split(/^bearer /i)[1]
-    xssec.createSecurityContext(token, credentials, function (err, securityContext, tokenInfo) {
-      if (err) {
-        const level = (err.statusCode >= 400 && err.statusCode < 500) ? 'warn' : 'error'
-        LOG[level]('User could not be authenticated due to error:', err)
-      }
-
-      if (!securityContext) return next(new cds.error('Unauthorized', { code: 401, statusCode: 401 }))
-
-      const ctx = cds.context
-      ctx.user = getUser(tokenInfo)
-      ctx.tenant = tokenInfo.getZoneId()
-
-      req.authInfo = securityContext //> compat req.authInfo
-
-      next()
-    })
-  }
-}

package/libx/_runtime/common/i18n/messages.properties

@@ -1,99 +0,0 @@
-400=Bad Request
-401=Unauthorized
-403=Forbidden
-404=Not Found
-405=Method Not Allowed
-406=Not Acceptable
-407=Proxy Authentication Required
-408=Request Timeout
-409=Conflict
-410=Gone
-411=Length Required
-412=Precondition Failed
-413=Payload Too Large
-414=URI Too Long
-415=Unsupported Media Type
-416=Range Not Satisfiable
-417=Expectation Failed
-422=Unprocessable Content
-424=Failed Dependency
-428=Precondition Required
-429=Too Many Requests
-431=Request Header Fields Too Large
-451=Unavailable For Legal Reasons
-500=Internal Server Error
-501=The server does not support the functionality required to fulfill the request
-502=Bad Gateway
-503=Service Unavailable
-504=Gateway Timeout
-
-MULTIPLE_ERRORS=Multiple errors occurred. Please see the details for more information.
-
-# -------------------------------------------------------------------------------------------------
-# all texts below are subject to change!
-# -------------------------------------------------------------------------------------------------
-
-# fragments
-ENTITY=entity
-TYPE=type
-FUNCTION=function
-ACTION=action
-
-# assert
-ASSERT_VALID_ELEMENT=Element is not valid
-ASSERT_RANGE=Value {0} is not in specified range [{1}, {2}]
-ASSERT_FORMAT=Value "{0}" is not in specified format "{1}"
-ASSERT_DATA_TYPE=Value {0} is not a valid {1}
-ASSERT_ARRAY=Value must be an array
-ASSERT_ENUM=Value {0} is invalid according to enum declaration {{1}}
-ASSERT_NOT_NULL=Value is required
-ASSERT_TARGET="Value doesn't exist"
-
-# db
-NO_DATABASE_CONNECTION=No database connection
-ENTITY_ALREADY_EXISTS=Entity already exists
-ENTITY_LOCKED=Entity locked
-UNIQUE_CONSTRAINT_VIOLATION=Unique constraint violation
-FK_CONSTRAINT_VIOLATION=Foreign key constraint violation
-
-# remote
-INVALID_CONTENT_TYPE_ONLY_JSON=Invalid content type. Only "application/json" is supported.
-
-# access control
-INSERTABLE=insertable
-READABLE=readable
-UPDATABLE=updatable
-DELETABLE=deletable
-ENTITY_IS_INSERT_ONLY=Entity "{0}" is insert-only
-ENTITY_IS_READ_ONLY=Entity "{0}" is read-only
-ENTITY_IS_NOT_CRUD=Entity "{0}" is not {1}
-ENTITY_IS_NOT_CRUD_VIA_NAVIGATION=Entity "{0}" is not {1} via navigation "{2}"
-ENTITY_IS_AUTOEXPOSED=Entity "{0}" is not explicitly exposed as part of the service
-ENTITY_IS_AUTOEXPOSE_READONLY=Entity "{0}" is explicitly exposed as readonly
-EXPAND_IS_RESTRICTED=Navigation property "{0}" is not allowed for expand operation
-
-# rest protocol adapter
-INVALID_RESOURCE="{0}" is not a valid resource
-INVALID_PARAMETER="{0}" is not a valid parameter
-INVALID_PARAMETER_VALUE_TYPE=Parameter value for "{0}" must be of type "{1}"
-INVALID_OPERATION_FOR_ENTITY=Entity "{0}" has no {1} "{2}"
-NO_MATCHING_RESOURCE=The server has not found a resource matching the requested URI
-INVALID_POST=POST is only allowed on resource collections and actions
-INVALID_PUT=PUT is only allowed on a specific resource
-INVALID_PATCH=PATCH is only allowed on a specific resource
-INVALID_DELETE=DELETE is only supported on a specific resource
-CRUD_VIA_NAVIGATION_NOT_SUPPORTED=CRUD via navigations is not yet supported
-
-# OData protocol adapter
-BATCH_TOO_MANY_REQ=Batch request contains too many requests
-
-# draft
-DRAFT_ALREADY_EXISTS=A draft for this entity already exists
-DRAFT_NOT_EXISTING=No draft for this entity exists
-DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by user "{0}"
-DRAFT_MODIFICATION_ONLY_VIA_ROOT=A draft-enabled entity can only be modified via its root entity
-ACTIVE_MODIFICATION_VIA_DRAFT=Active entities cannot be modified via draft request
-DRAFT_ACTIVE_DELETE_FORBIDDEN_DRAFT_EXISTS=Entity cannot be deleted because a draft exists
-
-# singleton
-SINGLETON_NOT_NULLABLE=The singleton entity is not nullable

package/libx/_runtime/common/utils/require.js

@@ -1,9 +0,0 @@
-module.exports = name => {
-  name = Array.isArray(name) ? name[0] : name
-  try {
-    return require(name)
-  } catch (e) {
-    e.message = `Cannot find module '${name}'. Make sure to install it with 'npm i ${name}'\n` + e.message
-    throw e
-  }
-}